Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Gordon, L.A., Loeb, M.P. (2004). The Economics of Information Security Investment. In: Camp, L.J., Lewis, S. (eds) Economics of Information Security. Advances in Information Security, vol 12. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8090-5_9
DOI: https://doi.org/10.1007/1-4020-8090-5_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8089-0
Online ISBN: 978-1-4020-8090-6
eBook Packages: Springer Book Archive